Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC
Abstract 
This document describes how to specify Edwards-curve Digital Signature
Algorithm (EdDSA) keys and signatures in DNS Security (DNSSEC). It
uses EdDSA with the choice of two curves: Ed25519 and Ed448.
1. Introduction


DNSSEC, which is broadly defined in [RFC4033], [RFC4034], and 
[RFC4035], uses cryptographic keys and digital signatures to provide 
authentication of DNS data. Currently, the most popular signature 
algorithm in use is RSA. GOST [RFC5933] and NIST-specified elliptic 
curve cryptography [RFC6605] are also standardized. 


[RFC8032] describes the elliptic curve signature system Edwards-curve 
Digital Signature Algorithm (EdDSA) and recommends two curves, 
Ed25519 and Ed448. 


This document defines the use of DNSSEC’s DS, DNSKEY, and RRSIG 
resource records (RRs) with a new signing algorithm, EdDSA, using a 
choice of two curves: Ed25519 and Ed448. 


2. Requirements Language 
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in [RFC2119]. 

3. DNSKEY Resource Records 
An Ed25519 public key consists of a 32-octet value, which is encoded
into the Public Key field of a DNSKEY resource record as a simple bit
string. The generation of a public key is defined in Section 5.1.5
of [RFC8032].
An Ed448 public key consists of a 57-octet value, which is encoded
into the Public Key field of a DNSKEY resource record as a simple bit 
string. The generation of a public key is defined in Section 5.2.5 
of [RFC8032]. 


4. RRSIG Resource Records 


An Ed25519 signature consists of a 64-octet value, which is encoded 
into the Signature field of an RRSIG resource record as a simple bit 
string. The Ed25519 signature algorithm and verification of the 
Ed25519 signature are described in Sections 5.1.6 and 5.1.7 of 
[RFC8032], respectively. 


An Ed448 signature consists of a 114-octet value, which is encoded 
into the Signature field of an RRSIG resource record as a simple bit 
string. The Ed448 signature algorithm and verification of the Ed448 
signature are described in Sections 5.2.6 and 5.2.7 of [RFC8032], 
respectively. 


5. Algorithm Number for DS, DNSKEY, and RRSIG Resource Records 


The algorithm number associated with the use of Ed25519 in DS, 
DNSKEY, and RRSIG resource records is 15. The algorithm number 
associated with the use of Ed448 in DS, DNSKEY, and RRSIG resource 
records is 16. This registration is fully defined in the IANA 
Considerations section. 


6. Examples 
6.1. Ed25519 Examples 


Private-key-format: v1.2
Algorithm: 15 (ED25519)
PrivateKey: ODIyNjIzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=

example.com. 3600 IN DNSKEY 257 3 15 (
l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= )

example.com. 3600 IN DS 3613 15 2 (
3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79
a304b )

example.com. 3600 IN MX 10 mail.example.com.

example.com. 3600 IN RRSIG MX 15 2 3600 (
1440021600 1438207200 3613 example.com.
Edk+IB9KNNWgGOHAJm7FazXyrd5m3Rk8zNZbvNpAcMt+eysqcUOMIjWoevFkj
H5GaMWeG96GUVZuU6ECKOQmemHDg== )

Private-key-format: v1.2
Algorithm: 15 (ED25519)
PrivateKey: DSSF300s0f+E1Wzj9E/Osxw8hLpk55chkmx0LYN5WiY=

example.com. 3600 IN DNSKEY 257 3 15 (
zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs= )

example.com. 3600 IN DS 35217 15 2 (
401781b934e392de492ec77ae2e15d70f6575a1c0bc59c5275c04ebe80c
6614c )

example.com. 3600 IN MX 10 mail.example.com.

example.com. 3600 IN RRSIG MX 15 2 3600 (
1440021600 1438207200 35217 example.com.
5LL20bmzdqjWiI+Xto5eP5adxXt/T5tMhasWvwcyW4L3SzfcRaw0le9bodhC+
oip9%ayUGjJYIT/rL4rN3bOuESGDA== )


6.2. Ed448 Examples 


Private-key-format: v1.2
Algorithm: 16 (ED448)
PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA

example.com. 3600 IN DNSKEY 257 3 16 (
3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx
1FYYUcJKm1MDpJtIA )

example.com. 3600 IN DS 9713 16 2 (
6ccf18d5bc5d7fc2fceb1d59d17321402f2aa8d368048db93dd811f5cb2
b19c7 )

example.com. 3600 IN MX 10 mail.example.com.

example.com. 3600 IN RRSIG MX 16 2 3600 (
1440021600 1438207200 9713 example.com.
NmcOrgGKpr3GKYXcBlUmgqgqs4NYwhmechvJTqvzt3jR+Oy/1SLFoIk1L+9e3
9GPL+5tVzDPN3f9kAwiu8KCuPPjt1227ayaCZtRKZuJax7n9NuY1ZJIusx0
SOIOKBGzGtyWYtz1/4jbz15GGkWVREUCUA )

Private-key-format: v1.2
Algorithm: 16 (ED448)
PrivateKey: WEykD3ht3MHkU8iH4uVOLz8JLwtRBSqiBoM6fF72+Mrp/u5gjxuB1DV6NnPO2B1Zdz4hdSTkOdOA

example.com. 3600 IN DNSKEY 257 3 16 (
kkreGWoccSDmUBGAe7+zsbG6ZAFQOp+syPmYUurBROc3tDjJeMCUcVMRDmgcN
Lp5H1HAMy12VoISsA )

example.com. 3600 IN DS 38353 16 2 (
645ff078b3568f5852b70cb60e8e696cc77b75bfaaffc118cf79cbda1ba
28af4 )

example.com. 3600 IN MX 10 mail.example.com.

example.com. 3600 IN RRSIG MX 16 2 3600 (
1440021600 1438207200 38353 example.com.
+JjANio/LIzp7osmMYE5XD3H/YES8kXs5Vb9H8MjPS80AGZMD37+LsCIcjg
5ivt0d40m/UaqETEAsJjaYe56CEQP51hRWuD2ivBqE0zfwJTyp4WaqvpULbp
vaukswvv/WNEFXZEYQEIm9+xD1Xj4pMAMA )


7. IANA Considerations 
This document updates the IANA registry "Domain Name System Security
(DNSSEC) Algorithm Numbers". The following entries have been added
to the registry:

+--------------+----------+----------+
| Number       | 15       | 16       |
| Description  | Ed25519  | Ed448    |
| Mnemonic     | ED25519  | ED448    |
| Zone Signing | Y        | Y        |
| Trans. Sec.  | *        | *        |
| Reference    | RFC 8080 | RFC 8080 |
+--------------+----------+----------+

* There has been no determination of standardization of the use of
this algorithm with Transaction Security.


8. Security Considerations 


The security considerations of [RFC8032] and [RFC7748] are inherited 
in the usage of Ed25519 and Ed448 in DNSSEC. 


Ed25519 is intended to operate at around the 128-bit security level 
and Ed448 at around the 224-bit security level. A sufficiently large 
quantum computer would be able to break both. Reasonable projections 
of the abilities of classical computers conclude that Ed25519 is 
perfectly safe. Ed448 is provided for those applications with
relaxed performance requirements and where there is a desire to hedge 
against analytical attacks on elliptic curves. 


These assessments could, of course, change in the future if new 
attacks that work better than the ones known today are found. 


A private key used for a DNSSEC zone MUST NOT be used for any other 
purpose than for that zone. Otherwise, cross-protocol or cross- 
application attacks are possible. 